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This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 

1 . (Currently Amended) A method for maintaining the security of a secured 
execution environment on a system comprising said secured execution environment and a 
second execution environment both on a single computing device , the method comprising: 

accepting user input from a trusted input device; 

determining whether said secured execution environment is in a standard input mode; 

directing the flow of user input based on the input mode of the secured execution 
environment including if said secured execution environment is in a standard input mode, 
transferring at least a first portion of said user input to said second execution environment; 

determining whether said user input comprises a user NIM indication that said 
secured execution environment should be in a nexus input mode; and 

if said user input comprises said user NIM indication and said secured execution 
environment is not in said nexus input mode, switching said secured execution environment 
to said nexus input mode, said user NIM indication being the only way to initiate a transition 
from said standard input mode to said secure execution environment nexus input mode , there 
being at least two ways to transition from said secured execution environment nexus input 
mode to said standard input mode at least one of which is not a symmetrical counterpart of 
said user NIM indication. 

2. (Original) The method of claim 1, further comprising: 
decrypting said user input. 

3. (Original) The method of claim 1, further comprising: 

if said secured execution environment is in a nexus input mode, determining a specific 
process running in said secured execution environment to which said user input is directed; 
and 

directing said user input to said specific process. 

4. (Canceled). 
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5. (Previously Presented) The method of claim 1, where said user NIM indication 
comprises a combination of keystrokes on a keyboard. 



6. (Previously Presented) The method of claim 1, where said user NIM indication 
comprises a programmatic activation of a process running in said secured execution 
environment. 



7. (Original) The method of claim 6, where said programmatic activation of a 
first process running in said secured execution environment comprises selecting a graphical 
user interface element corresponding to said process. 

8. (Original) The method of claim 7, where said graphical user interface element 
is a shadow graphical user interface element displayed using a second process, where said 
process is running on said second execution environment, and where said shadow graphical 
user interface element corresponds to a secured graphical user interface element displayed by 
said first process. 

9. (Original) The method of claim 1, further comprising: 

determining whether said user input comprises a user SIM indication that said secured 
execution environment should be in said standard input mode; and 

if said user input comprises said user SIM indication and said secured execution 
environment is not in said standard input mode, switching said secured execution 
environment to said standard input mode. 

10. (Original) The method of claim 9, where said user SIM indication comprises a 
combination of keystrokes on a keyboard. 



11. (Original) The method of claim 9, where said user SIM indication comprises 
an action which results in a display with no graphical user interface element which 
corresponds to a process running on said secured execution environment. 
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12. (Previously Presented) The method of claim 1, where if said secured execution 
environment is in a standard input mode, and a second portion of said user input corresponds 
to changes to a graphical user interface element displayed by a process running on said 
secured execution environment, said changes to said graphical user interface element are 
performed within said secured execution environment. 

13. (Original) The method of claim 12, where said changes to a graphical user 
interface element displayed by a process running on said secured execution environment 
comprise the movement of a mouse cursor over a graphical user interface element displayed 
by a process running on said secured execution environment. 

14. (Original) The method of claim 1, further comprising: 

switching said secured execution environment to a nexus input mode if a power 
management change is detected. 

15. (Currently Amended) A computer-readable medium containing computer 
executable instructions to maintain the security of a secured execution environment on a 
system comprising said secured execution environment and a second execution environment 
both on a single computing device , the computer-executable instructions to perform acts 
comprising: 

accepting user input from a trusted input device; 

determining whether said secured execution environment is in a standard input mode; 

if said secured execution environment is in a standard input mode, transferring at least 
a first portion of said user input to said second execution environment; 

determining whether said user input comprises a user NIM indication that said 
secured execution environment should be in a nexus input mode; and 

if said user input comprises said user NIM indication and said secured execution 
environment is not in said nexus input mode, switching said secured execution environment 
to said nexus input mode, there being at least two ways to transition from said secured 
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execution environment to said standard input mode at least one of which is not a symmetrical 
counterpart of said user NIM indication. 

16. (Original) The computer-readable medium of claim 15, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

decrypting said user input. 

17. (Original) The computer-readable medium of claim 15, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

if said secured execution environment is in a nexus input mode, determining a specific 
process running in said secured execution environment to which said user input is directed; 
and 

directing said user input to said specific process. 

18. (Canceled). 

19. (Previously Presented) The computer-readable medium of claim 15, where 
said user NIM indication comprises a combination of keystrokes on a keyboard. 

20. (Previously Presented) The computer-readable medium of claim 15, where 
said user NIM indication comprises a programmatic activation of a process running in said 
secured execution environment. 

21. (Original) The computer- readable medium of claim 20, where said 
programmatic activation of a first process running in said secured execution environment 
comprises selecting a graphical user interface element corresponding to said process. 

22. (Previously Presented) The computer-readable medium of claim 21, where 
said graphical user interface element is a shadow graphical user interface element displayed 
using a second process, where said process is running on said second execution environment, 
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and where said shadow graphical user interface element corresponds to a secured graphical 
user interface element displayed by said first process. 



23. (Original) The computer-readable medium of claim 15, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

determining whether said user input comprises a user SIM indication that said secured 
execution environment should be in said standard input mode; and 

if said user input comprises said user SIM indication and said secured execution 
environment is not in said standard input mode, switching said secured execution 
environment to said standard input mode. 

24. (Original) The computer-readable medium of claim 23, where said user SIM 
indication comprises a combination of keystrokes on a keyboard. 

25. (Original) The computer-readable medium of claim 23, where said user SIM 
indication comprises an action which results in a display with no graphical user interface 
element which corresponds to a process running on said secured execution environment. 

26. (Original) The computer-readable medium of claim 15, where a if said secured 
execution environment is in a standard input mode, and a second portion of said user input 
corresponds to changes to a graphical user interface element displayed by a process running 
on said secured execution environment, said changes to said graphical user interface element 
are performed within said secured execution environment. 

27. (Original) The computer-readable medium of claim 26, where said changes to 
a graphical user interface element displayed by a process running on said secured execution 
environment comprise the movement of a mouse cursor over a graphical user interface 
element displayed by a process running on said secured execution environment. 

28. (Original) The computer-readable medium of claim 15, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 
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switching said secured execution environment to a nexus input mode if a power 
management change is detected. 



29. (Currently Amended) A trusted user interface engine for use in a computer 
system comprising both a secured execution environment and a second execution 
environment on a single computing device , said trusted user interface engine comprising: 

an input stack for accepting user input from a trusted input device ; and 
a trusted input manager for determining whether said secured execution 
environment is in a standard input mode; and for directing at least a first portion of said user 
input to said second execution environment if said secured execution environment is in a 
standard input mode, 

where said trusted input manager determines whether said user input comprises a user NIM 
indication that said secured execution environment should be in a nexus input mode; and if 
said user input comprises said user NIM indication and said secured execution environment is 
not in said nexus input mode, switching said secured execution environment to said nexus 
input mode, there being at least two ways to transition from said secured execution 
environment to said standard input mode at least one of which is not a symmetrical 
counterpart of said user NIM indication. 

30. (Original) The trusted user interface engine of claim 29, where said trusted 
input manager, if said secured execution environment is in a nexus input mode, determines a 
specific process running in said secured execution environment to which said user input is 
directed; and directs said user input to said specific process. 



31. (Canceled). 



32. (Previously Presented) The trusted user interface engine of claim 29, where 
said user NIM indication comprises a combination of keystrokes on a keyboard. 
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33. (Previously Presented) The trusted user interface engine of claim 29, where 
said user NIM indication comprises a programmatic activation of a process running in said 
secured execution environment. 

34. (Original) The trusted user interface engine of claim 33, where said 
programmatic activation of a first process running in said secured execution environment 
comprises selecting a graphical user interface element corresponding to said process. 

35. (Original) The trusted user interface engine of claim 34, where said graphical 
user interface element is a shadow graphical user interface element displayed using a second 
process, where said process is running on said second execution environment, and where said 
shadow graphical user interface element corresponds to a secured graphical user interface 
element displayed by said first process. 

36. (Original) The trusted user interface engine of claim 29, where said trusted 
input manager determines whether said user input comprises a user SIM indication that said 
secured execution environment should be in said standard input mode; and if said user input 
comprises said user SIM indication and said secured execution environment is not in said 
standard input mode, switches said secured execution environment to said standard input 
mode. 

37. (Original) The trusted user interface engine of claim 36, where said user SIM 
indication comprises a combination of keystrokes on a keyboard. 

38. (Original) The trusted user interface engine of claim 36, where said user SIM 
indication comprises an action which results in a display with no graphical user interface 
element which corresponds to a process running on said secured execution environment. 

39. (Original) The trusted user interface engine of claim 29, where a if said 
secured execution environment is in a standard input mode, and a second portion of said user 
input corresponds to changes to a graphical user interface element displayed by a process 
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running on said secured execution environment, said changes to said graphical user interface 
element are performed within said secured execution environment. 



40. (Original) The trusted user interface engine of claim 39, where said changes to 
a graphical user interface element displayed by a process running on said secured execution 
environment comprise the movement of a mouse cursor over a graphical user interface 
element displayed by a process running on said secured execution environment. 

41. (Original) The trusted user interface engine of claim 29, where said trusted 
input manager switches said secured execution environment to a nexus input mode if a power 
management change is detected. 



42. (Currently Amended) A method for maintaining the security of a secured 
execution environment on a system comprising said secured execution environment and a 
second execution environment, comprising: 

maintaining a current state for said secured execution environment selected from 
among a group of possible states comprising: a standard input mode state and a nexus input 
mode state; 

directing a flow of user input according to said current state at least through a secure 
kernel of both said second environment and said secured execution environment . 



43. (Original) The method of claim 42, further comprising: 

limiting a transfer of said user input to said second execution environment when said 
current state is said nexus input mode state. 

44. (Currently Amended) A computer-readable medium containing computer 
executable instructions to maintain the security of a secured execution environment on a 
system comprising both said secured execution environment and a second execution 
environment on a single computing device , the computer-executable instructions to perform 
acts comprising: 

maintaining a current state for said secured execution environment selected from 
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among a group of possible states comprising: a standard input mode state and a nexus input 
mode state; 

directing a flow of user input according to said current state, 
wherein a user input sequence comprises a user NIM indication that causes said state to 
transition from a standard input mode to a nexus input mode, there being at least two ways to 
transition from said nexus input mode to said standard input mode at least one of which is not 
a symmetrical counterpart of said user NIM indication. 

45. (Original) The computer-readable medium of claim 44, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

limiting a transfer of said user input to said second execution environment when said 
current state is said nexus input mode state. 
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